3509 matches found
CVE-2021-42083
An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...
OESA-2023-1415 kubernetes security update
Container cluster management. Security Fixes: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are...
OESA-2023-1414 kubernetes security update
Container cluster management. Security Fixes: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are...
DEBIAN-CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
UBUNTU-CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +65 more potentially affected by CVE-2023-2422 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=21.1.1)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.3.2, =0.1.0, =1.0.0 and more Source cves: CVE-2023-2422 Source advisory: OSV:GHSA-3QH5-QQJ2-C78F...
GitLab 15.1 < 15.11.10 / 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-2620)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...
GitLab 13.6 < 15.11.10 / 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-3363)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the...
Missing Authorization
github.com/mattermost/mattermost-server is vulnerable to Missing Authorization. The vulnerability exists because the library does not properly sanitize the embedded posts transmitted over websockets, allowing an attacker to send a malicious POST request to the App’s webhook path apps built using...
The vulnerability of the Kubernetes cluster management software relates to the possibility of circumventing the ImagePolicyWebhook module’s policies. This allows a hacker to bypass existing security restrictions when running containers.
The vulnerability of the Kubernetes cluster management software relates to the possibility of circumventing the ImagePolicyWebhook module’s policies. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions when running containers remotely...
GHSA-455C-VQRF-MGHR Mattermost Server Missing Authorization vulnerability
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps...
Mattermost Server Missing Authorization vulnerability
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps...
CVE-2023-2783
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps...
CVE-2023-2783 App Framework does not check for the secret provided in the incoming webhook request
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps...
CVE-2023-2783
The CVE-2023-2783 issue affects Mattermost Apps Framework and involves failure to verify a secret in the incoming webhook request, allowing an attacker to modify the content of posts produced by Apps. It is a network-vector vulnerability with low privileges required and no user interaction, impac...
CVE-2023-2783 App Framework does not check for the secret provided in the incoming webhook request
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in the Mattermost Apps Framework, which can be exploited by an attacker to send a POST request to the application's Webhook path and modify the content of messages...
The vulnerability of the Webhook component in the Kubernetes Rancher cluster management software allows a hacker to increase their privileges.
The vulnerability of the Webhook component in Kubernetes Rancher’s cluster management software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets
A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. "It has the potential to expand to other platforms as Bandit Stealer was developed using the Go...